US Central Command (Centcom) has dismissed the acts, which saw its YouTube and Twitter accounts briefly fall into the hands of hackers and used to distribute pro-ISIS messages as “cyber vandalism” and said that none of its military servers were compromised during the incident.
Centcom said it would not consider discontinuing its use of social media to further its aims however, a spokesman for military organisation conceded that a security review was necessary.
“As a matter of policy, we don’t discuss specific security measures, but as part of looking into this incident we will also evaluate our cyber security measures and take any necessary steps to improve security,” the Centcom spokesman said.
Twitter suspended Centcom’s account within an hour of its compromise but not before attackers replaced its profile image of a person cloaked in a black and white keffiyeh and the words“CyberCaliphate”.
“WE ARE COMING, WATCH YOUR BACK. ISIS,” the attackers warned in a letter addressed to US soldiers using Centacom’s compromised account.
“You'll see no mercy infidels. ISIS is already here, we are in your PCs, in each military base. With Allah's permission we are in CENTCOM now.
We won't stop! We know everything about you, your wives and children.
U.S. soldiers! We're watching you!” the letter continued in dramatic tones.
The attackers also used the account to draw attention to documents posted on the web in an attempt to give credence to their claims that they had breached Centcom military servers.
The documents, some of which appearing to be authored by MIT Lincoln Laboratory, were Microsoft PowerPoint presentations detailing US security concerns in North Korea, Indonesia, Central Africa, China and the Caspian Sea. The attackers extracted images of maps showing the location of nuclear sites and military targets from some of the presentations and posted them on Centcom’s Twitter feed.
Centcom said that the information was publicly available and did not come from its servers. However, it has contacted US law enforcement agencies over the hackers’ apparent release of personal details of military personnel in some of the documents.
“Our initial assessment is that no classified information was posted and that none of the information posted came from Centcom’s server or social media sites. Some of the information posted may have contained potential (personally identifiable information), so we notified appropriate (Department of Defense) and law enforcement authorities about its potential release and we'll take appropriate steps to ensure any individuals potentially affected are notified as quickly as possible,” Centcom’s spokesman said.
Centcom’s Twitter feed was restored shortly after midday yesterday. Its YouTube account was still suspended as of late yesterday evening Australia eastern daylight saving time.
David Vaile, executive director of the University of NSW’s Cyberspace Law and Policy Centre said that it was risky for military to use social media services designed for ease of use rather than secure communication for their official business.
Social media had become an effective low-cost and low-risk means for extremist and fringe groups to garner global political capital for their aims, Mr Vaile said.
“It’s a bit disturbing how willing much of the media seems to have been to cooperate in the glamorisation and promotion of what they’re up to,” Mr Vaile said before adding: “The degree of difficulty was actually quite low but they’ve got worldwide headlines. It’s more in the nature of social engineering of the media than an actual data breach. Even as a hoax, revealed quite quickly, it’s not enough to undo the effectiveness of feeding into the stream and having it propagate through the various networks”.
Sources close to the hacking incident said that it was unlikely that attackers had any genuine links to ISIS.
“I think we’re going to find that this was something else entirely,” the source said.
The hacking incident occurred as President Barrack Obama prepared to address the US Department of Homeland Security on a series of legislative proposals to tighten cyber security for private companies and government organisations.
This article is brought to you by Enex TestLab, content directors for CSO Australia.
Upcoming IT Security Events
Feb 3rd, Feb 4th, Feb 6th 2015
Join @NirZuk #PaloAltoNetworks for Breakfast (lunch in Auckland) on keeping your enterprise safe from risk. Cyber attacks continue to increase in volume and sophistication leaving traditional security practices completely ineffective.
March 3rd, March 5th, March 9th 2015
Join CSO for the day@#csoperspectives and hear from @kimzetter @frankheidt
3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today
Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)